lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Rici Lake escreveu:

Sure. You could write your own language. But I have a hard time figuring out what could be simpler than Lua. What syntactic constructs would you like to eliminate? (I emphasize the word syntactic here -- I understand the issue with spelling errors on global variables.

I hope I don't have to write my own language :)

> That one is actually
pretty simple to detect; the easiest way is to compile the function and then run it through luac and look for GETGLOBAL/SETGLOBAL lines. Or you could just copy the luac printing code; it's pretty straightforward.)

I will have a look.

You sai in another message: "Trust your users. That may be hard, but it's worth it in the long run." Well I don't trust them, it is sad but it is a fact of life: users are dangerous, agressive creatures.
If you really feel that way, then I would advise that you get out of tech support. The pay's lousy and the work's repetitive. The only reward is the joy of helping people learn, and if you don't find joy in that, neither will they, and you'll all end up frustrated. Trust me on this -- I spent a lot of years doing tech support, and I miss it sometimes, but I saw a lot of my coworkers get really frustrated, and unnecessarily so. I personally *hate* the word "users"; I always made a point of saying "colleagues". Which I suspect was another frustration for my colleagues in tech support.

Well, not that much. I *like* helping people that can understand what I say. What I don't like is that repetitive amount of stupid questions, but I have doing a fair amout of it lately and I dicovered (see my last message) that if things a planned better, support is a lot better do do and more effective. And then I can keep to backgroung support which I like.

I can say it now this way: I want to plan in advance so that conditions are better defined and so fewer error could happen. One way of doing it is by checking that the code corresponds to some arbitrary subset of the language.

As For sandboxing, I understand that I can apply this principle for the whole screen, am I correct? This way, the whole application will be safer, or if I remove all dangerous functions is enough?

Every time you do a lua_open (i.e. every screen), you need to load a set of libraries. Presumably, you will do this with some wrapper function, so it should be easy to customise. Edit the list of libraries and/or edit the luaL_reg's of functions which they install. This is also where you will install your own functions and globals. Whatever you put into the Lua state is all there is; lua_open does not install a single function.

If all the scripts for a screen are written by the same user, it shouldn't be necessary to sandbox them from each other, as you say. In fact, it might be useful to them to be able to use globals (you can, however, give each script a separate globals table if that's useful to you).

Yes, a screen is allways written by one user (hopefully) and thought of a one unit (has to be). I thing that I understand this now and will keep it for more tests.

thanks for all this discussion. Tomorow I will list all important topics that came as fruits from it,